Mashic Compiler: Mashup Sandboxing based on Inter-frame Communication

Abstract

We propose a new compiler, called Mashic, for the automatic generation of secure Javascript-based mashups from existing mashup code. The Mashic compiler can effortlessly be applied to existing mashups based on a wide-range of gadget APIs. It offers security and correctness guarantees. Security is achieved via the Same Origin Policy. Correctness is ensured in the presence of benign gadgets, that satisfy confidentiality and integrity constrains with regard to the integrator code. The compiler has been successfully applied to real world mashups based on Google maps, Bing maps, YouTube, and Zwibbler APIs.

Journal Version

The journal version of the conference paper can be found here. This version contains details of JS decorated semantics, integrator transformation rules and proofs of theorems.

Mashic Compiler Prototype Implementation

The mashic compiler can be downloaded from here. The optimized mashic compiler can be downloaded from here. The compiler is written in a dialect of scheme - Bigloo 3.5. A tutorial on how to use mashic can be found here.

Demos

• Random markers (google maps): original mashic compilation mashic optimized compilation
• Polylines arrays (google maps): original mashic compilation mashic optimized compilation
• Polylines complex (google maps): original mashic compilation mashic optimized compilation
• Youtube controls (youtube api): original mashic optimized compilation

These demos may require the lastest version of your web browser. They are tested to be compatible with Firefox 3.5+, Google Chrome 11+, Safari 5+.